| Name | Value |
|---|---|
| NAME | XUSAP PROXY CONN DETAIL ALL |
| MENU TEXT | Proxy (Connector) Detail Report |
| UPPERCASE MENU TEXT | PROXY (CONNECTOR) DETAIL REPOR |
| PACKAGE | KERNEL |
| DELEGABLE | YES |
| SCHEDULING RECOMMENDED | YES |
| ROUTINE | ENALL^XUSAP1 |
| DESCRIPTION | This option provides information about Connector Proxy accounts for the additional content is listed for each account: - Check/display connector proxy fields? YES/NO (checks for mis-configured accounts) - Scan sign-on log for connector proxy activity? YES/NO (lists account activity) Possible categorizations for whether accounts are reported as "Compliant w/3-year Service Account Mandate?" are: - YES (account is complaint) - *** NO <---- MUST FIX *** purposes of: (date created and date verify code last changed > 3 years in the past) - No, but user not active. - UNABLE TO DETERMINE (until patch XU*8.0*574, date verify code last changed for Connector Proxy accounts was incorrectly recorded as 4/10/2005) - unable to det. but not active. If an account's Date Verify Code Last Changed is listed as "(changed but date not recorded)", that means the "fake" 4/10/2005" date is present, and unless the account was created within the last 3 years, it is 1) Monitoring compliance with the 3-year mandate (per VA Handbook 6500) impossible to determine if the account is in compliance with the 3-year mandate. Also, if there is a value in the XUS Logon Attempt Count field, that value is displayed, as it could indicate a remote system attempting to connect and failing with an invalid verify code. If the option to "Check/display connector proxy fields?" is selected, the following checks are performed: - Warnings: (any field listed in the warning section should not be to expire/change verify codes for service accounts; populated. However, before changing, consult the National Help Desk or Customer Support as some applications may (currently) be depending (incorrectly) on a mis-configured connector configuration. - Values for other fields allowed/expected: (field normally populated for connector proxies) - Other Fields Populated (not expected fields, but not problematic either) - Other Multiples Populated (not expected, but not problematic either) If the option to "Scan sign-on log for connector proxy activity?" is selected, the report will scan the sign-on log for all signon activity 2) Reporting any mis-configured connector proxy accounts; associated with the account. Any activity found is displayed, organized by client IP address, and within IP address, by date of sign-on. The purpose of this report section is to help a site determine which accounts are active, and which external systems (by IP address) are logging onto the site with the specified account. This may help determine which remote applications a change to the account (such as verify code change) might impact, and may also help a site determine whether too many remote applications/data centers are using the same account (which could result in a more widespread service disruption if an account must be changed). 3) Listing account activity to help determine whether accounts are This option can be scheduled. active, and are being accessed from which remote locations. When running the report, the following options determine how much |
| CREATOR | ADAM,ADAM |
| TYPE | run routine |